Corporate criminal offence: tax evasion

The corporate criminal offence (CCO) rules apply to all corporate entities that fail to prevent the facilitation of tax evasion and carry severe penalties. Businesses need to understand their obligations.

The Criminal Finances Act 2017 introduced two new criminal offences targeted at corporate entities but also including partnerships and charities. The CCO rules apply when an entity fails to prevent its “associated persons”, broadly, anyone acting for or on its behalf, from facilitating either UK or overseas tax evasion.

An associated person is defined as an individual or entity performing services for or on behalf of the entity when the facilitation takes place. This could include employees, subcontractors, consultants, agents and suppliers.

Three steps must exist for an offence to be prosecuted under the CCO rules:

A criminal tax evasion offence by an individual or corporate taxpayer
Criminal facilitation, requiring deliberate or dishonest behaviour, of this tax evasion offence by an associated person of the entity
Failure by the entity to prevent the associated person from committing the criminal act at the second step

If prosecuted, penalties for corporate entities are severe.

A robust compliance approach

An organisation’s only defence against prosecution under CCO is that it had reasonable procedures in place to prevent the facilitation of tax evasion. It is critical to undertake a risk assessment, implement reasonable prevention procedures, including appropriate training, and ensure ongoing monitoring.

As organisations are required to ensure a proportionate and reasonable response to the rules, we tailor our approach to each business’s level of risk, framed around HMRC’s six guiding principles:

Risk assessment
Proportionate prevention procedures
Commitment from senior management
Due diligence
Communication and training
Monitoring and review

How can we help?

S&W’s tax experts help businesses understand their obligations under the CCO rules, assess their risks and implement prevention procedures:

Undertaking risk assessments
Giving support with policies and communication
Providing training to businesses through group workshops and e-learning modules
Reviewing prevention procedures and internal controls, including benchmarking against similar businesses
Advising on potential breaches
Undertaking health checks on organisations’ response to CCO
Ensuring ongoing monitoring of risk assessments and the reasonableness of prevention procedures

Janaissa Eaglestone

Director

Message +44 204 617 5278

London

View profile

Frequently asked questions about corporate criminal offences

What is the corporate criminal offence of failing to prevent tax evasion?

The Criminal Finances Act 2017 introduced two new criminal offences, targeted at all corporate entities but including partnerships and charities. The CCO rules apply if such an entity fails to prevent its associated persons from facilitating either UK or overseas tax evasion.

The only defence an entity has under the CCO rules is that it had reasonable prevention procedures in place to stop the facilitation from taking place.

What are the potential penalties?

If prosecuted, penalties for corporate entities are severe, including but not limited to:

A potentially unlimited fine
Implications for regulated entities, such as losing licenses
Potential prevention from bidding for public contracts
Reputational damage

How is HMRC investigating businesses under the Criminal Finances Act 2017?

HMRC has allocated additional roles to fraud investigation since the Criminal Finances Act 2017, and HMRC case managers have been trained to discuss the CCO with large businesses. It also forms part of HMRC’s Business Risk Review checklist.

New cases are often identified through HMRC’s usual tax evasion investigations under either civil or criminal powers. Where tax evasion is found to have occurred, HMRC then considers whether or not the tax evasion was facilitated by an associated person of a relevant entity. By tracing the tax evasion through to an entity, HMRC can enquire whether or not that entity has done a CCO risk assessment and test its prevention procedures.

We are a small business with strong internal controls. Do we need to do a risk assessment for facilitation of tax evasion?

Undertaking a risk assessment is recommended for all organisations, regardless of size or sector. Implementing significant prevention procedures may not be necessary if the risks are minimal. An initial risk assessment can determine this. The findings should be documented.

HMRC guidance states that "it will rarely be reasonable to have not even conducted a risk assessment".

Can we use our existing financial crime and business controls and policies to ensure CCO compliance?

These provide a useful framework from which to develop prevention procedures against tax evasion and facilitation of tax evasion.

It is important to ensure that existing procedures are appropriately tailored to target tax evasion and tax fraud; simply adding “tax” to existing policies, for example, is unlikely to be sufficient.

Who is responsible for preventing the facilitation of tax evasion in an organisation?

The CCO risk assessment will likely require input from individuals across the business and will almost certainly involve finance, tax, legal, risk and compliance experts, among others.

Overall responsibility for ongoing monitoring often falls to one of these teams, depending on the size and structure of the organisation.

Regardless of where the responsibility lies, it is critical that a team or an individual takes ownership of CCO risk management.